Basic Concept of Private VLANs

Today I am going to cover the basics of private VLANs, followed by a basic configuration. A Private VLAN (PVLAN) gives us the opportunity to divide a VLAN into sub-VLANs: with a PVLAN, a normal VLAN is mapped to secondary VLANs. This lets us restrict devices connected to the same normal VLAN (subnet) from communicating with each other. Private VLANs can be configured with different characteristics, such as “Community”, “Isolated” and “Promiscuous”.

Community: Client ports can communicate with each other if they are in the same community VLAN.

Isolated: An isolated port can send data only to the promiscuous port, even when other clients belong to the same VLAN.

Promiscuous port: The promiscuous port can receive data from all ports. It should be connected to a gateway of some sort so that all the other ports can reach destinations outside the network.

Below is the diagram showing the concept of the Private VLANs which includes Community and Isolated VLANs and also covers the concept of the Promiscuous port in the network.

Fig 1.1- Private VLANs

Let's look at a basic configuration that sets up Private VLANs, including a community and an isolated Private VLAN.

Configuration

RouteXP(config)# vtp mode transparent

RouteXP(config)# vlan 102

RouteXP(config-vlan)# private-vlan isolated

RouteXP(config-vlan)# vlan 101

RouteXP(config-vlan)# private-vlan community

RouteXP(config-vlan)# vlan 100

RouteXP(config-vlan)# private-vlan primary

RouteXP(config-vlan)# private-vlan association 101 102
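
The port rules and the VLAN commands above can be checked together. The following Python sketch is an added example, not part of the original article: it parses the VLAN commands shown above, flags secondary VLANs that lack a primary association, and answers whether two ports can talk at layer 2. The function names and the (role, vlan) port tuples are assumptions made for illustration, since no ports are assigned in the commands above.

```python
import re

# Constructed input: the VLAN commands from the configuration above, prompts stripped.
CONFIG = """vtp mode transparent
vlan 102
 private-vlan isolated
vlan 101
 private-vlan community
vlan 100
 private-vlan primary
 private-vlan association 101 102
"""

def parse_pvlans(config):
    """Return ({vlan: type}, {secondary: primary}) parsed from IOS-style lines."""
    types, assoc, current = {}, {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"vlan (\d+)", line):
            current = int(m.group(1))
        elif m := re.fullmatch(r"private-vlan (primary|isolated|community)", line):
            types[current] = m.group(1)
        elif m := re.fullmatch(r"private-vlan association ([\d ,]+)", line):
            for sec in re.findall(r"\d+", m.group(1)):
                assoc[int(sec)] = current
    return types, assoc

def audit(types, assoc):
    """Report secondary VLANs that are not associated with a primary VLAN."""
    return [f"vlan {v} ({t}) has no primary association"
            for v, t in sorted(types.items())
            if t != "primary" and types.get(assoc.get(v)) != "primary"]

def primary_of(port, assoc):
    role, vlan = port  # hypothetical port model: (role, vlan)
    return vlan if role == "promiscuous" else assoc.get(vlan)

def can_talk(a, b, types, assoc):
    """Layer-2 reachability between two ports under the rules described above."""
    if primary_of(a, assoc) is None or primary_of(a, assoc) != primary_of(b, assoc):
        return False                      # not in the same private VLAN domain
    if "promiscuous" in (a[0], b[0]):
        return True                       # promiscuous port talks to every port
    return a[1] == b[1] and types.get(a[1]) == "community"

if __name__ == "__main__":
    types, assoc = parse_pvlans(CONFIG)
    gw, comm, iso = ("promiscuous", 100), ("host", 101), ("host", 102)
    print(audit(types, assoc))
    for a, b in [(comm, comm), (iso, iso), (iso, gw), (comm, iso)]:
        print(a, b, can_talk(a, b, types, assoc))
```

The model covers layer-2 forwarding only; traffic that the gateway on the promiscuous port routes back into the VLAN is outside it.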

Our configuration looks as shown below. Please note that the IP addresses used here are only for testing purposes and have no relevance to any enterprise network.